Overview

overview

10

Static

static

3

002-ENVIO ...ON.exe

windows7-x64

10

002-ENVIO ...ON.exe

windows10-2004-x64

10

002-ENVIO ...CI.dll

windows7-x64

3

002-ENVIO ...CI.dll

windows10-2004-x64

3

002-ENVIO ...fo.htm

windows7-x64

3

002-ENVIO ...fo.htm

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bbf4967a71a84d38dd84f2b3bf7737ff.001

  • Size

    1.9MB

  • Sample

    241202-t9yayaykgm

  • MD5

    bbf4967a71a84d38dd84f2b3bf7737ff

  • SHA1

    89b8ece9a1bd1e3cca11233dc782ef8612f6fe11

  • SHA256

    6abd8123ba9bafab95d9c0ff91281cf70e2fd164e019dcc4b0a31258c072befd

  • SHA512

    82a4248c13e1d92ccafe71051ecc2490d98133b6e0a8b236a539e516a18a4c9f6c3f6624d028f5241ffa63b082f6691154d7a30385113fc04849e5c4620cf836

  • SSDEEP

    49152:WhcePl/v3eNPT/1UlJKnko7ebz5V1NBTqI/Ir4xLiu:8H1Uqrjn5VpuI/Ir4Yu

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

ansynov25.duckdns.org:1415

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      002-ENVIO COIPIA DE LA NOTIFICACION DEMANDA JUZGADO PENAL DE CIRCUITO RAMA JUDICIAL/001 COPIA DE LA NOTIFICACION.exe

    • Size

      4.6MB

    • MD5

      ae2a273bd3297d0abe74f940f76575a8

    • SHA1

      73a8eaff4cb01bc03826bc90e7bd5f658bf2f5ac

    • SHA256

      1fd92aa46464f8453e33dc7461f80ee7b441f9042e9d0110086226c5f725bd9f

    • SHA512

      233e8d400138a72a2c64dcfcc0212e771c51d49a499e6a607b2b5a6ff4582fef05ebf551380193a5d00f9179e2b431ddc25a7e556a2857704008a4f5d3a2455a

    • SSDEEP

      98304:nXTE4R/w8VGgIW7ZLl3F2xXFHOBe1gORB9O:nXTE4RnQWBl3MgOE

    Score
    10/10
    asyncratdefaultdiscoveryrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      002-ENVIO COIPIA DE LA NOTIFICACION DEMANDA JUZGADO PENAL DE CIRCUITO RAMA JUDICIAL/CI.dll

    • Size

      419KB

    • MD5

      a10ddb8347bc7dba40b7b0b500087926

    • SHA1

      b3fd873f8446b25d869a463198a44389e7e3ac0f

    • SHA256

      9d074df5fb2e1556f8b2b79d280d47fad065fa20ad2dab662552801da90f8338

    • SHA512

      013ee68c49e9dffb861445dca210a2f19f4fc762d0773477770cfbded8ae64f2b0c1b4f0b511450215bdf9d73077af2451e463819eb83bf5d2dc394eefabe761

    • SSDEEP

      12288:valuwmjhN3joZl5Lv0kMUeqqUMsTzi4nT8pXp:BwmjIv0Ttqqk3JT8pXp

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      002-ENVIO COIPIA DE LA NOTIFICACION DEMANDA JUZGADO PENAL DE CIRCUITO RAMA JUDICIAL/info.htm

    • Size

      949B

    • MD5

      6642ecfd9abc4c366908d1107ba2514f

    • SHA1

      3420d1750a40ecbc3764810fd9193e855f33078f

    • SHA256

      89a7d58c875458308f86299b03ac99b73cf4fb7a14dbc43c94b4295f12696a7a

    • SHA512

      d5f469b2313510bba79c840c3dec9dff160bf68f48b12f3aaf107472e0f03435bfb2eaa9962b536e27eb66647304d7760e11ef22868bf129f698edbb057c7dc5

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks